Substitute Specification: 

NETWORK SECURITY SYSTEM 
BACKGROUND OF THE INVENTION 

The present invention is related to network security systems, and more 
particularly to network security systems that can protect an internal system that 
can send and receive data over a network. 

In systems that can be used for the sale of goods via networks such as 
the Internet, sales and delivery of goods can be conducted to obtain order 
information through the network. The sales information can then be written to a 
database. In such a system, the data representing customer order information can 
be damaged during fraudulent acquisition of the data representing customer order 
information by hackers. In turn, customers orders can be suspended and/or lost. 
Moreover, when customer order information is fraudulently stolen through the 
network, significant credit problems can occur for consumers. Conventionally, 
security systems known as firewalls are placed between the network and the 
internal system to reduce and/or prevent the likelihood of invasion by hackers. 

Conventional firewall technology can require identification 
information, security codes and authentication to ensure access for those about to 
access the Internal system -through the_network. Such firewall technology is 
described, for example, in patent publications 11-298639, and 10-214304). 
However, it -can be difficult to protect against hackers who obtain identification 
information and security codes by fraudulent means and/or camouflage. To 
encourage general customers to place orders over the Internet, an ordering system 
is necessary that can reduce and/or prevent fraudulent data from becoming mixed 
with the data representing customer order information. Accordingly, a system is - 
needed that can reduce and/or eliminate fraudulent reading of the contents of a 
database used in a system for sales of goods over a network. 
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SUMMARY OF PREFERRED EMBODIMENTS 

An aspect of the present invention relates to a network security system 
is provided that includes a server connected to a network, a received data storage 
means to store data with an external format which a server received through the 
network, a received data format conversion means to convert data with an external 
format stored in the received data storage means to data with the internal format 
and to store them in a received-process data storage means, and a host computer to 
execute a predetermined process utilizing data with internal format stored in the 
received-process data storage means. 

A server is connected to the network. Data with an external format is 
received from other terminal units through the network. The data format of data 
with the external format is optional. The data format of data with the internal 
format is optional as well. 

The received data format conversion means reads out data with the 
external format from the received data storage means and converts them to data 
with the internal format in a fixed procedure, and afterwards, writes them in the 
received process data storage means. Data with the internal format stored in the 
received process data storage means are utilized by the host computer. The 
received data format conversion means extracts and fabricates only necessary data 
from the data with an external format, and converts them to internal data with the 
predetermined and reliable format. 

Data with an external format received through the network is written 
in the received data storage means, but the host computer does not directly access 
to the received data storage means. As a result, obtaining fraudulent data can be 
prevented. When the received data format conversion means converts data with an 
external format to data with an internal format, the received data format 
conversion means can convert the data with the external format to internal data 
with a reliable format, thereby eliminating the fraudulent data. The host computer 
can access the received process data storage means with selective timing and use 
the data with the internal format. 
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According to another aspect of the present invention, the received data 
storage means can allow data with an external format which the server received to 
be written, and can reduce the likelihood of and/or prevent data from being read out 
by the server. A received process data storage means can allow data with an 
internal format to be read out by the host computer and can reduce the likelihood of 
and/or prevent data from being written by the host computer. The received data 
storage means can reduce the likelihood of and/or prevent data from being read out 
by the server is by reducing the likelihood of and/or preventing the data in the 
received data storage means from being read out from the network side. Preventing 
writing data into the received process data means by the host computer can reduce 
the likelihood of and/or prevent data from being carelessly output from the host 
computer side to the network side. This can reduce the likelihood of and/or prevent 
data from flowing from the host computer to the network. Data on the host 
computer side is not read out to the network side. The likelihood of data being 
written or read out can be reduced and/or prevented. This includes all formats of 
data, whether internal or external. 

According to another aspect of the present invention, the received data 
storage means can allow data with an external format to be read out by the received 
data format conversion means and can reduce the likelihood of and/or prevent data 
from being written by the received data format conversion means, and the received 
process data storage means allows data with an internal format to be written by the 
received data format conversion means and can prevent data from being read out by 
the received data format conversion means. The received data format conversion 
means is allowed only to read out data with an external format from the received 
data storage means, and only to write data with the internal format to the received 
process data storage means. As a result, data flow by the received data format 
conversion means is a one way flow from the network side to the host computer 
side. Then, the data flow from the host computer side to the network side can be 
prevented, and data on the host computer side can be protected. 
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According to another aspect of the present invention, the data with the 
internal format can additionally be stored at predetermined times into the database 
of the host computer from the received-processing data storage means. When the 
received process data storage means is arranged apart from the host computer, data 
corresponding to the database of the host computer side can be transferred from the 
received process data storage means. Data can be transferred with predetermined 
timing, independent from action of the received data format conversion means. The 
timing of updating the database on the host computer side is optional. 

According to another aspect of the present invention, the conversion 
process from data with an external format to data with the internal format by the 
received data format conversion means and the additional storage process of the 
data with an internal format to the database of the host computer are respectively 
executed in a composite manner, with an independent timing. Writing the received 
data in the received data storage means by the server is usually done with each 
piece of data. But the received data format conversion means executes the 
conversion process compositely. What is meant by composite execution is that 
processing occurs not of piece of data, but as a composite numerical number of data, 
such as occurs in a batch process. What is meant by execution with independent 
timing is that the activation control of each process is independent. There is no 
problem, of course, if controlling the activation timing is intended, for instance, in a 
manner in which the additional storage process initiates to the database of the host 
computer side automatically when the conversion process of the received data 
format conversion means is terminated. 

According to another aspect of the present invention, the received data 
format conversion means can convert data with an external format to data with a 
database format. Only the essential conversion process is executed to obtain data 
received from the network in the database processing with the host computer. 
Therefore, obtaining fraudulent data in the host computer side can be prevented. 

According to another aspect of the present invention, the server can 
send data with a mail format to the received data storage means and can write data 
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with an external format. The way that the server sends data with mail format to 
the received data storage means secures one-way flow of data to the received data 
storage means from the server more than the way that the server writes data with 
an external format by accessing the storage region of a storage device. 

According to another aspect of the present invention, the network is 
the Internet. The Internet can require much higher security than intranets. 

An aspect of the present invention provides a network security system 
that can include a host computer to execute a predetermined process by using data 
with an internal format, a transmit process data format conversion means to 
storage data sent to the network, a transmit data format conversion means to 
convert data with an internal format stored in the transmit process data storage 
means and to store them in a transmit data storage means, and a server to send 
data with an external format stored in the transmit data storage means to the 
network. 

A server is connected to the network. Data with an external format is 
sent to other terminal devices through the network. The ways of data with an 
external format and its data format type, data with the internal format and its data 
format type, and conversion of the data format type are the same as in the case of 
received data. The received data format conversion means reads data with the 
internal format from the transmit process data storage means and converts them to 
data with an external format in a fixed procedure, and then, writes them to the 
transmit data storage means. 

The host computer writes data with the internal format to be sent to 
the transmit process data storage means with selective timing. Data with an 
external format sent from the server through the network is written by the transmit 
data format conversion means in the transmit data storage means. The server does 
not directly access to the transmit process data storage means. That is why 
accidentally sending out data to be protected on the host computer side can be 
prevented. 
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According to another aspect of the present invention, the transmit 
process data storage means can allow data with an internal format to be written by 
the host computer and can prevent data from being read out by the host computer, 
and the transmit data storage means can allow data with an external format which 
the server sends to be read out and can prevent data from being written by the 
server. The transmit data storage means can prevent data from being read out by 
the host computer in order to reduce the likelihood of and/or prevent fraudulent 
data from invading from the network side. The reason writing data into the 
transmit data storage means by the host computer is that the likelihood of 
fraudulent data from invading from the network side can be reduced and/or 
prevented. This secures only the data flow from the host computer to the network, 
and the internal system including the host computer is protected. All data can be 
prevented from being written or to be read out. All formats of data are included 
regardless of the type. 

According to another aspect of the present invention, the transmit 
process data storage means can allow data with an internal format to be read out by 
the transmit data format conversion means and can prevent data from being 
written by the transmit data format conversion means, and the transmit data 
storage means can allow data with an external format to be written and can prevent 
data from being readout by the transmit data format conversion means. The 
transmit data format conversion means is allowed only to read out data with 
internal format from the transmit data storage means, and only to write data with 
an external format to the transmit process data storage means. As a result, data 
flow by the transmit data format conversion means is a one way flow from the host 
computer side to the network side. Then, data flow from the network side to the 
host computer side can be prevented, and data in the host computer side can be 
protected. 

According to another aspect of the present invention, the conversion 
process from data with the internal format to data with an external format by the 
transmit data format conversion means can be executed with independent timing 
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from the storage process of data with the internal format to the transmit process 
data storage means by the host computer. The transmit data format conversion 
means can execute the conversion process with selective timing since the transmit 
process data storage means is arranged. Also, the host computer can write data 
with an internal format for sending with selective timing into the transmit process 
data storage means. The format of the internal data for sending is optional, and is 
not limited to database formats. 

According to another aspect of the present invention, the server can 
receive data with mail format from the transmit data storage means and can send 
them to the network. The way that the server sends data with mail format to the 
transmit data storage means can secure one way flow of data to the transmit data 
storage means from the server more than the way that the server writes data with 
an external format with accessing the storage region of a storage device. The 
network can be, for example, the Internet. The Internet can require much higher 
security compared with an ordinary intranet. 

An aspect of the present invention can also provide a network security 
system that includes a received data storage means to storage data with an external 
format which a server received through the network, a received data format 
conversion means to convert data with an external format stored in the received 
data storage means to data with an internal format and to store them in the 
received process data storage means, a host computer to execute a predetermined 
process by using data with the internal format stored in the received process data 
storage means, a transmit process data storage means to store data with the 
internal format sent to the network, a transmit data format conversion means to 
convert data with the internal format stored to the transmit process data storage 
means to data with an external format, and a server to send data with an external 
format stored in the transmit data storage means to the network. Other aspects of 
the present invention can be arranged in the system stated in this aspect of the 
invention. 
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According to another aspect of the present invention, the conversion 
process of from data with an external format to data with the internal format by the 
received data format conversion means, the additional storage process of the data 
with the internal format to the database of the host computer side, the conversion 
process from data with the internal format to data with an external format by the 
transmit data format conversion means, and the storage process of data with the 
internal format to the transmit process data storage means by the host computer 
are each executed with independent timing. As a barrier to one way flow is 
arranged in this manner, and data transfer is executed in order with each 
independent timing, protection of the host computer side from the network is 
reinforced. This has the effect that there is no way to send a fixed command from 
the network side using the data receiving function in construction 1 and to read out 
some data from the host computer side using the data sending function. 

An aspect of the present invention can provide a network security 
system comprising a server connected to the network and a mail transfer section 
connected to a host computer side, wherein a mail client and a mail server are 
arranged in the server, a mail receiving section to receive mail through 
communication line from the mail client and a mail sending section to send mail 
through the communication line to the mail server are arranged in the mail transfer 
section, and the host computer receives a data transfer from the server through the 
mail receiving section of the mail transfer section and transfer data to the server 
through the mail sending section of the mail transfer section. Data transfer 
between the server and mail transfer section can be implemented only with a fixed 
mail format. The host computer can give and take data with the server only 
through the mail transfer section. As a result, there is no way for fraudulent 
commands or fraudulent programs to be transferred between the server and the 
mail transfer section. 

According to another aspect of the present invention, the 
communication line can be a communication line dedicated to mail. Connection 
between the server and the mail transfer section with a communication line which 
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is dedicated to mail and does not have a path for other data invading and can 
thereby help maintain security with more certainty. 

An aspect of the present invention can provide a network security 
system comprising a mail server arranged on the network side and a mail transfer 
section arranged on the host computer side, wherein a mail receiving section to 
receive mail from the mail server through a mail dedicated line and a mail sending 
section to send mail to the mail server through a mail dedicated line are arranged, 
and the host computer receives data transfer from the mail server through the mail 
receiving section of the mail transfer section and transfers data to the mail server 
through the mail sending section of the mail transfer section. 

The mail server is arranged on the network side, and sends and 
receives mail through a dedicated line between the mail server and the mail 
transfer section of the host computer side. A dedicated line is optional if a line is a 
communication line, which would be only used for communication between the mail 
server and the host computer side. The host computer is protected from the 
network side, because the dedicated line is used for data transfer between the 
network and the host computer only by a fixed means. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Fig. 1 is a block diagram showing an example of the system related to 
the present invention. 

Fig. 2 shows the actions of the process that data the server received 
are converted and stored in the received process data means. 

Fig. 3 is a flow chart of the actions with the server and the received 
process data storage. 

Fig. 4 is a block diagram indicating the example using the present 
invention to the system for the sending process. 

Fig. 5 is a block diagram of the system further reinforcing the security 

function. 
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Fig. 6 is another system of block diagram reinforcing the security 
function by use of mail sending. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 
The present invention now will be described more fully hereinafter 
with reference to the accompanying drawings, in which preferred embodiments of 
the invention are shown. This invention may, however, be embodied in many 
different forms and should not be construed as limited to the embodiments set forth 
herein; rather, these embodiments are provided so that this disclosure will be 
thorough and complete, and will fully convey the scope of the invention to those 
skilled in the art. Like numbers refer to like elements throughout. 

Receiving Process 

Fig. 1 is a block diagram showing an example of the system of the 
present invention. As shown in the Fig. 1, the various terminal devices 2 which 
users utilize are connected to a network 1. A system for providing information for 
purchasing goods, for instance, can be connected to the network 1. This system can 
be, for example, a network security system 20 to reinforce the protection function by 
the present invention. The network security system 20 can comprise a server 3, 
received data storage means 6, received data format conversion means 7, received 
process data storage means 8 and a host computer 10. 

The server 3 is connected to the network 1. Inside of the server 3, a 
storage device, not shown, adapted to store information to provide users, can be 
installed. This network preferably comprises the Internet, but can include all other 
networks other than internet, such as a telephone network specifying users, and 
intranet. 

When an order is placed by a user, the server 3 typically receives the 

order information through the network 1. The host computer 10 is placed to process 

the order information and to arrange and administer goods. The received data 

storage means 6, the received data format conversion means 7, and the received 

process data storage means 8 transfer the order information received by the server 
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to the host computer 10. The host computer 10 can store the order information in 
the database storage section 9 from the received process data storage means 8 and 
can administer the orders. 

The received data storage means 6 can include a storage device for 
storing the data with an external format 4 which the server 3 receives through the 
network. The data with an external format 4 can be received from other terminal 
devices through the network, whose format is an optional format such as an e-mail 
format and a data file format. Also data having a text type of format, or data 
having a binary type of format can also be applicable. The received data format 
conversion means 7 can read data with an external format 4 from the received data 
storage means 6, convert the data with the external format 4 to the data with the 
internal format 5 in a fixed procedure, and can then write the data with the internal 
format 5 in the received process data storage means 8. The received data format 
conversion means 7 is preferably implemented by computer programming, but can 
also be implemented by hardware. Conversion of data format can be arranged 
optionally including extraction, sorting, partial delete, data addition, and the like. 
The received data format conversion means 7 can filter fraudulent data contained in 
the received data as the received data format conversion means 7 does not simply 
transfer data. 

The format of the data with the internal format 5 is optional as well, 
but the data has a fixed format pre-regulated on the host computer side. In this 
example, data with a CSV format is applied, because the CSV format can make it 
easy to update the database stored in the database storage section 9. Data with the 
CSV format are data with a text type format. The received data format conversion 
means 7 can analyze data received with an external format the server 3, extract the 
necessary data items and generate data with the internal format. The received 
process data storage means 8 is typically a storage device adapted to store fixed 
amounts of data with the internal format 5, and hold fixed amounts of data with the 
internal format 5 until the data with the internal format 5 is written in the 
database storage section 9. 
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Fig 2 shows conversion of data received by the server into data being 
stored in the received process data storage means. Fig. 3 is a flow chart illustrating 
actions of the server and the received process data storage means. Conversion will 
now be explained with reference to the drawings. First, the server can write data 
Dl received from the network 1 in the order the received data is received by storage 
means 6 (Fig. 3, step SI, step S2). Data D2 accumulated in the received data 
storage means 6 can be read out by the received data format conversion means 7 at 
fixed intervals, and can be converted to the data with the internal format 5 from the 
data with an external format 4 (Fig. 3, step S3, step S4). 

For instance, in case of administration of ordering data, this 
conversion process is set up to be executed once a day, twice a day, or every other 
hour. Therefore, the received data format conversion means 7 can preferably 
monitor the system timer and commence the action when the time for starting 
conversion is up. 

In the case of administration of ordering, data with mail format 
containing data on user codes, ordered goods codes, quantity to be ordered, and the 
like, for example can be stored in the received data storage means. If data 
indicating the location of the user code, for instance, is contained in the data with 
an external format, the data can be detected and cut off, and only the portion of the 
user code can be extracted. At this time, parts other than the user code and 
necessary data can be cut off and thrown away automatically. As a result, 
obtaining fraudulent data can be prevented. Obtaining camouflaged data, by 
inspecting a format with the data, can be prevented. The received data format 
conversion means 7 can extract the necessary data items in this manner, and can 
generate a text format of data separated, for instance, by commas. This data is 
written in the received process data storage means 8. 

When the conversion process of all data D2 stored in the received data 
storage means is finished, the program goes from step S5 in Fig. 3 to step S6 and 
the updating process of the database is executed. Data D3 stored in the received 
process data storage means 8 are written in the database as is. When the data D3 
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are data with CSV format, the data D3 can be taken into the database as is and can 
be used for organizing received orders. 

In the example above, after the data with an external format 4 is 
converted to data with the internal format 4 by the received data format conversion 
means 7, the storage process of this data with the internal format for addition to the 
database on the host computer side can be executed. However, these processes 
should be executed independently for the convenience of system operation. The 
conversion process by the received data format conversion means 7 is preferably 
executed when data with an external format is accumulated in some amount or 
when access to the server is not so busy. 

The server usually writes the received data in the received data 
storage means with one piece of data. As used herein, composite execution refers to 
processing not for each piece of data but a composite of numerical number of data, 
as with a batch process. As used herein, execution with independent timing refers 
to independent activation control of each process. Nevertheless, activation timing 
intended to control, for instance, in a manner in which an additional storage process 
initiates to the database of the host computer side automatically when the 
conversion process of the received data format conversion means is terminated, may 
also be acceptable. 

The received data format conversion means 7 is not just an interface 
between the server and the host computer. The received data format conversion 
means 7 can also filter the one-way flow to extract and fabricate only the necessary 
data from data with an external format which might contain fraudulent data, and 
can convert the necessary data to data with pre-established, safe, and internal 
format. Data with an external format the sever 3 received through the network 1 
(shown in Fig. 1) can be written into the received data storage means 6. The host 
computer 10 does not directly access this received data storage means 6. As a 
result, the host computer 10 can be prevented from obtaining fraudulent data from 
the network 1. 
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In Fig. 1, the received data storage means 6 can be a storage device set 
up to be independent from the server 3, or can be part of the storage device 
arranged inside of the server or the host computer 10. The received process data 
format conversion means 8 as well can be a storage device set up independently 
from the server or the host computer 10, or can be part of the storage device 
arranged in the inside of the host computer. The received data format conversion 
means 7 can be a computer program working on the server 3 or a computer program 
adapted to be executed on the host computer 10. 

Furthermore, the received data storage means 6 could allow data with 
an external format received by the server 3 to be written, but should prevent all 
data from being read out by the server 3. This can be implemented, for instance, by 
functions of the operation system. Alternatively, as will be explained later, the 
server 3 can transfer data with a mail format to the received data storage means 6. 
This can prevent data in the received data storage means 7 from being read out 
from the network side. The received process data storage means 8 could allow data 
with the internal format to be read out by the host computer 10, but can prevent 
data from being written by the host computer 10. Working of the received data 
format conversion means 7 can be limited as well. 

The received data storage means 6 can allow data with an external 
format to be read out by the received data format conversion means 7, can also 
prevent all data from being written by the received data format conversion means 7. 
The received process data storage 8 can allow data with the internal format to be 
written by the received data format conversion means 7, and can also prevent all 
data from being read out by the received data format conversion means 7. As stated 
above, it may be feasible to effectively protect the internal system from hackers by 
arranging several barriers with one way flow. 

Sending Process 

Fig. 4 is a block diagram showing the one preferred implementation of 
a system for sending. The system shown in Fig. 1 can safely take data received 
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through the network into the database processed by the host computer, for example, 
when sending data from a host computer to a network. Fig. 4 is one such example. 
The blocks the system in Fig. 1 appearing in Fig. 4 are denoted with a dashed line 
for purposes of distinction. 

In the system in Fig. 4, the host computer 10 has the received data 
storage means 12, the received data format conversion means 13 and the transmit 
process data storage means 14. The remained of the system is similar to the system 
shown in Fig. 1. The host computer 10 is adapted to execute ordering 
administration and the like in the use of the database storage section 9. The 
received process data storage means 14 can be a storage device to store data with 
the internal format which the host computer generates and sends over the network. 
The transmit data format conversion means 13 is adapted to convert data with the 
internal format stored in the transmit process data storage means 14 to data with 
an external format and to create the data stored in the transmit data storage means 
12. This, as well as the example in Fig. 1, can comprise a computer program and 
the like. The server 3 is adapted to send data with an external format stored in the 
transmit data storage means to the network. The content and format of data with 
an external format and internal format is generally the same as the example in 
Fig. 1. 

In this system, if the host computer 10 has data to be sent through the 
network, the host computer can covert this to the data with the internal format 
with selective timing and can store the data in the received process data storage 
means 14. The transmit data format conversion means 13 can be, for instance, 
activated in each case by the host computer, and can read out data with the internal 
format from the transmit process data storage means 14 and convert data with the 
internal format to data with an external format. The transmit data format 
conversion means 13 can then write data with an external format to the transmit 
data storage means 12. This action is different from the case of data received in 
Fig. 1. As the transmit data format conversion means 13 can acquire information 
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on emergency of sending data from the host computer, the timing of sending data 
should be classified. 

After data are written in the transmit data storage means 12, the 
server should conduct a sending process to the network with emergency of data 
sending considered, as well. In this example also, the transmit process data storage 
means 14 allows data with the internal format to be written by the host computer, 
and should prevent data from being read out by the host computer. The transmit 
data storage means 12 can preferably allow data with an external format sent by 
the server to be read out, and can prevent data from being written by the server 3. 

Furthermore, the transmit process data storage means 14 can 
preferably allow data with the internal format to be read out by the transmit data 
format conversion means 13, and can prevent data from being written by the 
transmit data format conversion means 13. The transmit data storage means 12 
can preferably allow data with an external format the server sends to be written by 
the transmit data format conversion means 13, and can prevent data from being 
read out by the received data format conversion means 13. As stated above, it is 
feasible to prevent hackers from stealing data by arranging several barriers with 
one way flow to the network. 

The conversion process of data with the internal format to data with 
an external format by the received data format conversion means 13 can be 
executed with independent timing from the storage process of data with the internal 
format to the transmit process data storage means 14 by the host computer 10. The 
system combining the system to receive data indicated in Fig. 1 and the system to 
send data indicated in Fig. 4 can present extremely high security as far as received 
and transmitted data is concerned. It is preferable that the conversion process by 
the received data format conversion means 7 shown in Fig. 4, the additional storage 
process of data with the internal format to the database of the host computer 10 
side, the storage process of data to the received process data storage means 14 by 
the host computer 10 and the conversion process by the received data format 
conversion means 13 are each preferably executed with independent timing. 
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Fig. 5 is a block diagram of a network security system that greatly 
reinforces the security of the system. Typically, a specified region in the storage 
device of a computer can be controlled with only reading out, and the rest of region 
in the storage device can be controlled by preventing both reading out and writing. 
However, it can be difficult to prevent hackers from invading the system completely 
by a fraudulent means when this kind of control is accomplished by software. For 
instance, if each function block shown in the system of Fig. 1 is brought into 
practice using a single computer, it would be the same as if the received data 
storage means 6, the received process data storage means 8, the transmit data 
storage means 12 and the transmit process data storage means 14 were all located 
on one memory. The server 3 and the host computer 10 could be connected directly 
by LAN (Local Area Network) and share a storage device. In such a case, it would 
be difficult to prevent fraudulent access completely by the received process data 
storage means 8 and by the transmit process data storage means 14, which should 
be protected on the host computer side. Therefore, in this example, a mail system 
which can transfer only with a fixed format, can be used to connect between the 
server and the host computer. 

The server in Fig. 5 has a mail client 31, a storage device 33 and a mail 
server 32. Also, a mail transfer section 40 has a mail receiving section 41 and a 
mail sending section 42. Further a data conversion section 50 has a received data 
storage means 6, a received data format conversion means 7, a received process 
data storage means 8, and a transmit data storage means 12. In the example, the 
function of the mail transfer section 40 stated above controls a way to transfer data 
in the sever 3 and the data transfer of the host computer side to reinforce the 
security of the host computer side. If the data transfer section 50 is arranged with 
the mail transfer section 40, it could provide higher system security. 

The mail receiving section 41 of the mail transfer section 40 can be a 
device having a mail receiving function, and the mail sending section 42 can be a 
device having a mail sending function. These mail transfer section 40 and the 
server 3 are preferably connected only with cables for mail receiving and sending 
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43, 44. Data transfer between the server 3 and the mail transfer section 40 are 
typically not executed without a fixed mail format under this configuration. For 
instance, if the data format transferred with this mail is limited to a text format of 
data, fraudulent commands and programs would not be transferred between the 
server 3 and the mail transfer section 40. 

In the storage device 33 of the server 3 web page data, for example, 
such as a home page to sell goods through the network 1 such as the Internet can be 
stored. The mail client 31 sends data to place an order for goods to the mail 
receiving section 41 of the mail transfer section 40 with a mail format. When the 
mail client receives orders for goods from users with the terminal device 2 through 
the network, the mail receiving section 41 has the received mail to be stored in the 
received data storage means 6. o 

The data can then be taken in the database 9 after the conversion of 
data format. The data conversion section 50 can comprise, for example, a means to 
convert the data format to the database format and write database 9 directly. On 
the other hand, when an order is being placed, the host computer can generate a 
comment reading "Receiving an order" with delivery information including a 
shipping date. This comment and information can be stored in the transmit data 
storage means 12. The mail sending section 42 can send this comment and 
information to the mail server 32 after this comment and information are converted 
to data with mail format. The mail server 32 can then send the data to the 
network. 

In other words, the mail client 31 can send data with the mail format 
to the mail receiving section 41, but does not have a mail receiving function. The 
mail server 32 receives mails from the mail sending section 42 but does not have a 
mail sending function. A dedicated communication line for transferring should be 
used to make connection between the server 3 and the mail transfer section 40. As 
such, the server 3 and the mail transfer section 40 can be constituted separately 
from a hardware point of view. To enhance the security even more, the 
communication line is preferably one which does not have a invading route of other 
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data. As only data with mail format, not data with the other format is transferred, 
and fraudulent commands or data can not be taken to the host computer and the 
like. Therefore, to provide enhanced reliability, this communication line is 
preferably a one-way data transfer path. This can provide the improved system 
security. 

Fig. 6 is a block diagram of another system using mail transfer to 
improve security. The web server 51 of the system 20 is connected to the network 1 
and can communicate with the network 1. This web server 51 is connected to the 
mail server 52. The mail server 52 is connected to the mail receiving section 41 of 
the mail transfer section 40 through the mail dedicated line 53. The mail server 52 
is connected to the mail sending section 42 of the mail transfer section 40 through 
the mail dedicated line 54. The portion below the mail transfer section 40 to the 
host computer is the same as Fig. 5. This system can help to ensure high security 
whether the mail transfer section 40 is connected to the host computer directly or 
the mail transfer section 40 is a part of the host computer 10. 

The mail-dedicated lines 53, 54 above, are used only for transfer of 
mail between the mail server 52 and the mail transfer section 40. These lines 
cannot transfer data with any format but a specified one, as these lines are used 
only for mail transfer. Therefore, illegal invasion from the network side to the host 
computer side can be assuredly prevented. Data are not carelessly sent out from 
the host computer to the network. The dedicated lines 53, 54, can be made up of a 
separate upstream and downstream cables as shown in Fig. 6 or can be made of one 
cable capable of transferring mail in both directions. Arrows indicate that data is to 
be transferred only in one direction from the network 1 to the web server 51. 
Nevertheless, communication between the network 1 and the web server 51 can be 
made in both directions. 

In the system stated above, when data to place orders for goods from 
the terminal 2 is sent to the network 1, the web server 51 receives the order. The 
web server 51 can send the received data to the mail server 52, and the mail server 
52 can send the data to the mail receiving section 41 through the dedicated line 53 
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with mail format. On the other hand, mails sent from the host computer 10 can be 
transferred to the mail server 52 through the dedicated line 54 from the mail 
sending section 42. The mail server 52 can send the mail to the terminal device 2 
through the network 1 in use of the own function of mail receiving. The remaining 
parts are similar to those described above, and for sake of brevity will not be 
repeated. Mail transfer by use of the dedicated lines 53, 54 can provide protection 
and reinforcement of the internal system from the network. 

Various aspects of the present invention have been illustrated in detail 
in the figures. It will be understood that individual blocks of the figures, and 
combinations of blocks in the figures, can be implemented by computer program 
instructions. These computer program instructions may be provided to a processor 
or other programmable data processing apparatus to produce a machine, such that 
the instructions which execute on the processor or other programmable data 
processing apparatus create means for implementing the functions specified in the 
block or blocks. These computer program instructions may also be stored in a 
computer-readable memory that can direct a processor or other programmable data 
processing apparatus to function in a particular manner, such that the instructions 
stored in the computer-readable memory produce an article of manufacture 
including instruction means which implement the functions specified in the block or 
blocks. 

Accordingly, blocks of the figures support combinations of means for 
performing the specified functions, combinations of steps for performing the 
specified functions and program instruction means for performing the specified 
functions. It will also be understood that individual blocks of the figures, and 
combinations of blocks in the flowchart illustrations, can be implemented by special 
purpose hardware-based computer systems which perform the specified functions or 
steps, or by combinations of special purpose hardware and computer instructions. 

In the drawings and specification, there have been disclosed typical 
preferred embodiments of the invention and, although specific terms are employed, 
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they are used in a generic and descriptive sense only and not for purposes of 
limitation, the scope of the invention being set forth in the following claims. 
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